The 2012 epidemic of ransom malware appears to have turned even nastier with reports that as many as 30 Australian businesses have now asked police for help coping with attacks in a matter of days.
According to local news, police in the state of Queensland have received reports from a dozen businesses, while many others are believed to have chosen to keep incidents to themselves.
Businesses affected included those in the medical, entertainment, retail and insurance sectors, the news source said, with several dozen affected in total.
In one recent incident, a business in the Northern Territories reportedly paid an AUD $3,000 (about £2,000) ransom via Western Union to get back access to important financial records, including credit card data and debtor invoices. The attackers demanded the money within seven days or the sum would increase by AUD $1,000 per week.
Worryingly, this attack used 256-bit encryption, to all intents and purposes impossible to crack if the key has not been exposed during the attack.
"A lot of businesses can't afford the interruptions to their trade and will pay straight away," detective superintendent Brian Hay of Queensland’s fraud and corporate crime group told press.
As well as being encrypted, it was also possible that data would be stolen during such attacks for use in other types of fraud, he said. The attackers infected users through compromised websites that exploited common software flaws.
Ransom malware has become a serious issue during 2012, although its effect on businesses is rarely recorded. Most of the data that has become public has been in the form of police warnings based on attacks against consumers.
Most attacks simply attempt to engineer users into believing their files are encrypted when they are not or make more general threats, often to report victims to national police for non-existent crimes.
The use of industrial-strength encryption is rare, although this technique is actually where the form started, as long ago as 2006, with a piece of malware called ‘Cryzip.’
In August, the FBI said it had been “inundated” with ransom malware reports from consumers, not long after the UK’s Police Central e-Crime Unit (PCeU) publicised an identical spate of attacks that had affected over a thousand PCs in the UK.
In the past, the few security companies that have investigated the issue have pinned the blame on a single cabal of Russian criminals that seems able to operate with impunity. Now the same tactics appear to have spread to gangs in nearby countries such as Ukraine and Romania.
The suspicion is that some security vendors say little about the problem because not only is their software unable to stop infections but they can’t always unlock the files after the fact either.